Copying Files Between S3 and an EC2 Instance with the AWS CLI

Prerequisites

  • An AWS account
  • An EC2 instance with the AWS CLI installed

Step 1: Configure an IAM user

  1. Create an IAM user
  2. Attach the following policies:

AmazonS3FullAccess policy

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "s3:*",
                "s3-object-lambda:*"
            ],
            "Resource": "*"
        }
    ]
}

AmazonEC2FullAccess policy

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Action": "ec2:*",
            "Effect": "Allow",
            "Resource": "*"
        },
        {
            "Effect": "Allow",
            "Action": "elasticloadbalancing:*",
            "Resource": "*"
        },
        {
            "Effect": "Allow",
            "Action": "cloudwatch:*",
            "Resource": "*"
        },
        {
            "Effect": "Allow",
            "Action": "autoscaling:*",
            "Resource": "*"
        },
        {
            "Effect": "Allow",
            "Action": "iam:CreateServiceLinkedRole",
            "Resource": "*",
            "Condition": {
                "StringEquals": {
                    "iam:AWSServiceName": [
                        "autoscaling.amazonaws.com",
                        "ec2scheduled.amazonaws.com",
                        "elasticloadbalancing.amazonaws.com",
                        "spot.amazonaws.com",
                        "spotfleet.amazonaws.com",
                        "transitgateway.amazonaws.com"
                    ]
                }
            }
        }
    ]
}

Step 2: Configure the AWS CLI on the EC2 instance

Run aws configure and enter the following:

AWS Access Key ID [None]: ${IAM user access key ID}
AWS Secret Access Key [None]: ${IAM user secret access key}
Default region name [None]: us-west-2
Default output format [None]: json

Step 3: Copying files

Use the AWS CLI cp command; the syntax is:

aws s3 cp <LocalPath> <S3Uri>  # upload to S3
aws s3 cp <S3Uri> <LocalPath>  # download from S3
aws s3 cp <S3Uri> <S3Uri>      # copy between S3 buckets

Examples

# Upload a file to S3
aws s3 cp myfile.txt s3://my-bucket/

# Download a file from S3
aws s3 cp s3://my-bucket/myfile.txt ./

# Copy between S3 buckets
aws s3 cp s3://source-bucket/file.txt s3://dest-bucket/

Security best practices

  1. Use least-privilege access - restrict the S3 permissions to the specific bucket(s) the instance needs
  2. Rotate IAM access keys regularly
  3. Never share or commit AWS credentials
  4. Consider attaching an IAM role (instance profile) to the EC2 instance instead of using long-lived access keys
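Best practice 1 recommends scoping S3 access to one bucket, but the post does not show what that looks like. The Python below is an added example, not code from the original post: it flags the wildcard grants in the AmazonS3FullAccess document shown above and builds a bucket-scoped replacement for the aws s3 cp workflow (the bucket name and prefix are assumed placeholders).

```python
import json

# The AmazonS3FullAccess document from this post, embedded as sample input.
S3_FULL_ACCESS = json.loads("""
{
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": ["s3:*", "s3-object-lambda:*"], "Resource": "*"}
    ]
}
""")

def _as_list(value):
    """IAM accepts either a single string or a list for Action and Resource."""
    return value if isinstance(value, list) else [value]

def overbroad_s3_grants(policy):
    """Return S3 actions that an Allow statement grants on every resource ("*").

    A hit means the key on the instance can reach any bucket in the account,
    not only the one the copy job needs.
    """
    hits = []
    for stmt in policy.get("Statement", []):
        if stmt.get("Effect") != "Allow":
            continue
        if "*" not in _as_list(stmt.get("Resource", [])):
            continue
        for action in _as_list(stmt.get("Action", [])):
            service = action.split(":", 1)[0]
            if action == "*" or (service.startswith("s3") and action.endswith("*")):
                hits.append(action)
    return hits

def bucket_scoped_s3_policy(bucket, prefix=""):
    """Least-privilege replacement for AmazonS3FullAccess for `aws s3 cp`.

    bucket and prefix are hypothetical inputs: only listing that bucket and
    get/put of objects under the prefix are allowed.
    """
    return {
        "Version": "2012-10-17",
        "Statement": [
            {"Effect": "Allow", "Action": "s3:ListBucket",
             "Resource": f"arn:aws:s3:::{bucket}"},
            {"Effect": "Allow", "Action": ["s3:GetObject", "s3:PutObject"],
             "Resource": f"arn:aws:s3:::{bucket}/{prefix}*"},
        ],
    }
```

Note that aws s3 cp needs no EC2 permissions at all, so the AmazonEC2FullAccess policy from Step 1 can be dropped for this use case.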
posted @ 2024-10-31 01:21  LexLuc